.\" SPDX-License-Identifier: CC-BY-SA-4.0 or-later
.\" SPDX-FileCopyrightText: 2025 grommunio GmbH
.TH pam_gromox 4gx "" "Gromox" "Gromox admin reference"
.SH Name
pam_gromox \(em a PAM plugin to authenticate with Gromox
.SH Description
This module feeds authentication requests to Gromox's authmgr(4gx) module, and
thus mysql_adaptor(4gx) and/or ldap_adaptor(4gx). It does not rely on the
availability of any Gromox service; just MySQL/LDAP is enough. pam_gromox is
meant to be used in conjunction with non-Gromox processes that an administrator
may wish to integrate with, such as an SMTP daemon.
.SH Incantation in /etc/pam.d/smtp
Gromox accounts are not mapped from or to any Unix accounts, so the pam_unix.so
module that is present in the default /etc/pam.d/smtp module list within Linux
distributions is not suitable and can be wholly replaced. In otherwords,
/etc/pam.d/smtp need just contain:
.PP
.nf
auth required pam_gromox.so service=smtp
account required pam_permit.so
.fi
.PP
(pam_gromox does not provide a usable "account" handler, therefore "account
required pam_gromox.so" would do nothing. The PAM framework always starts out
with an initial deny policy, so at least one module needs to be called to make
the PAM request succeed. For this reason, if there are no other "account"
modules listed, pam_permit.so should be used.)
.SH PAM module arguments
.TP
\fBservice=\fP\fIs\fP
Check for a specific privilege bit on the user account. Possible values for
\fIs\fP are: \fBexch\fP, \fBsmtp\fP, \fBimap\fP, \fBpop3\fP, \fBchat\fP,
\fBvideo\fP, \fBfiles\fP, \fBarchive\fP.
.br
Default: \fBsmtp\fP
.SH Configuration directives
The usual config file location is /etc/gromox/pam.cfg.
.TP
\fBconfig_file_path\fP
Colon-separated list of directories in which further configuration files.
.br
Default: \fI/etc/gromox/pam:/etc/gromox\fP
.TP
\fBpam_prompt\fP
If pam_gromox detects the absence of a password but presence of a PAM
conversation function, it will attempt to retrieve the password that way, and
in doing so, will show this label just ahead of the nonechoing password prompt.
.br
Default: \fIPassword: \fP
.SH See also
\fBgromox\fP(7)
